Auto Evolution

Security checks across malware telemetry and agentic risk

Overview

This skill is an auto-improvement tool, but it records user correction content to local feedback files by default and without a clear opt-in or deletion/retention controls.

Install only if you are comfortable with automatic local recording of user corrections. Use it with explicit user disclosure, limit what gets saved, redact secrets and personal data, restrict access to `.claude/feedback/`, and add review, deletion, and retention controls before enabling automatic capture.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The example explicitly describes silently dispatching a feedback observer that writes persistent records into `.claude/feedback/` without any user notice or consent. Silent persistence of user correction content can create privacy, transparency, and integrity risks, especially if the stored feedback later drives rule changes or automated behavior modifications.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README explicitly promotes silently capturing corrective user feedback, but it does not warn about privacy implications, consent requirements, retention, or the possibility that sensitive user content may be collected incidentally. In this skill context, the feature is core behavior rather than an accidental mention, which makes the omission more dangerous because implementers are likely to deploy covert feedback collection without adequate safeguards.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The Quick Start instructs operators to store structured feedback in `.claude/feedback/` without any warning that conversation-derived data will persist on disk, potentially including sensitive or regulated information. Because this is an operational setup step, users may implement local persistence by default without encryption, retention controls, or disclosure to end users, increasing the chance of privacy leakage and unintended data accumulation.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger description includes very common corrective phrases like 'that's not right' and 'you forgot again', which can cause the skill to activate during ordinary conversation rather than only when the user intentionally wants this capability. In this skill, accidental activation is more dangerous because activation can lead to silent observation and persistence of conversation-derived feedback to disk.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill explicitly says user corrections and feedback should be silently transformed into structured entries and written to a feedback store, without a clear user-facing warning or consent step. This creates a privacy and trust risk because users may not expect their conversational corrections to be retained on disk for future processing.

Missing User Warnings

High
Confidence
99% confidence
Finding
These instructions direct the agent to silently dispatch an observer and record context by default whenever feedback-like language is detected. The covert nature of the collection materially increases risk because it bypasses informed consent and can capture more context than the user intended to share or retain.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
When feedback-like text is detected, the script emits guidance to record that feedback into `.claude/feedback/` after the current request, but it provides no notice, consent check, or policy gate. In a skill explicitly designed for silent feedback capture and auto-evolution, this creates a realistic privacy and data-governance risk because user corrections may be persisted without clear user awareness.

Ssd 3

Medium
Confidence
94% confidence
Finding
The README explicitly promotes silently capturing user correction messages and accumulating them into structured feedback for later processing. Even though the stated purpose is product improvement, silent collection and retention of free-form user messages can capture sensitive personal, business, or credential-like content without clear consent, minimization, or retention controls, creating a real privacy and data leakage risk.

Ssd 3

Medium
Confidence
96% confidence
Finding
The workflow instructs operators to write structured feedback into a persistent local directory under `.claude/feedback/`, which turns conversational corrections into durable stored data. Persistent local storage increases exposure to unintended access, cross-session leakage, over-retention, and later reuse of sensitive user content, especially because the earlier workflow emphasizes silent capture.

Ssd 3

Medium
Confidence
93% confidence
Finding
Persisting natural-language corrections into a feedback repository creates a data retention risk because those entries may contain sensitive instructions, personal data, internal context, or proprietary information copied from the conversation. The skill context makes this more dangerous because the stored data is intended to accumulate over time and feed future evolution workflows.

Ssd 3

High
Confidence
98% confidence
Finding
The skill instructs covert collection of user-provided context by silently dispatching an observer after detecting correction-like language, then storing that context without asking the user. This is a true vulnerability because it enables hidden data capture and retention, undermining user expectations and potentially exposing sensitive conversational content through local files or later processing stages.

VirusTotal

66/66 vendors flagged this skill as clean.
